Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 793956 (CVE-2020-24870)

Summary: <media-libs/libraw-0.20.2: Buffer overread (CVE-2020-24870)
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: zlogene
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/LibRaw/LibRaw/issues/330
Whiteboard: B3 [glsa+]
Package list:
Runtime testing required: ---

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-06-02 18:53:14 UTC 
Description:
"Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp."
Comment 1 Larry the Git Cow gentoo-dev 2021-07-24 06:22:12 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1f50281d24542eec7e9336689170314d24e13e83

commit 1f50281d24542eec7e9336689170314d24e13e83
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2021-07-24 06:12:25 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2021-07-24 06:21:40 +0000

    media-libs/libraw: drop 0.20.0
    
    Bug: https://bugs.gentoo.org/793956
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 media-libs/libraw/Manifest             |  1 -
 media-libs/libraw/libraw-0.20.0.ebuild | 62 ----------------------------------
 2 files changed, 63 deletions(-)
Comment 2 NATTkA bot gentoo-dev 2021-07-29 17:21:58 UTC Comment hidden (obsolete)
Comment 3 NATTkA bot gentoo-dev 2021-07-29 17:30:09 UTC Comment hidden (obsolete)
Comment 4 NATTkA bot gentoo-dev 2021-07-29 17:38:06 UTC Comment hidden (obsolete)
Comment 5 NATTkA bot gentoo-dev 2021-07-29 17:46:14 UTC Comment hidden (obsolete)
Comment 6 NATTkA bot gentoo-dev 2021-07-29 18:02:11 UTC Comment hidden (obsolete)
Comment 7 NATTkA bot gentoo-dev 2021-07-29 18:10:30 UTC 
Package list is empty or all packages have requested keywords.
Comment 8 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-09 23:00:31 UTC 
GLSA request filed.
Comment 9 Larry the Git Cow gentoo-dev 2022-08-10 04:18:10 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=295e8cf0e4525d551c5cd7a97b5b356bf52dcaaa

commit 295e8cf0e4525d551c5cd7a97b5b356bf52dcaaa
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-10 04:06:16 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-10 04:16:27 +0000

    [ GLSA 202208-07 ] LibRaw: Stack buffer overread
    
    Bug: https://bugs.gentoo.org/793956
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202208-07.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
Comment 10 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-10 04:21:56 UTC 
GLSA released, all done!